[KEYCLOAK-8694] - Mark Drools policy as tech preview

2018-11-09 08:31:16 -02:00 · 2018-11-09 08:31:16 -02:00 · cd96d6cc35
commit cd96d6cc35
parent 1ee6fd7130
9 changed files with 38 additions and 36 deletions
--- a/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
+++ b/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
@ -11,18 +11,19 @@ import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.policy.provider.PolicyProvider;
 import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
 import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
 import org.keycloak.common.Profile;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.provider.EnvironmentDependentProviderFactory;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
 import org.kie.api.KieServices;
 import org.kie.api.KieServices.Factory;
 import org.kie.api.runtime.KieContainer;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
-public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePolicyRepresentation> {
+public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePolicyRepresentation>, EnvironmentDependentProviderFactory {
    private KieServices ks;
    private final Map<String, DroolsPolicy> containers = Collections.synchronizedMap(new HashMap<>());
@ -123,7 +124,6 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
    }
    private void updateConfig(Policy policy, RulePolicyRepresentation representation) {
        policy.putConfig("mavenArtifactGroupId", representation.getArtifactGroupId());
        policy.putConfig("mavenArtifactId", representation.getArtifactId());
        policy.putConfig("mavenArtifactVersion", representation.getArtifactVersion());
@ -131,7 +131,6 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
        policy.putConfig("scannerPeriodUnit", representation.getScannerPeriodUnit());
        policy.putConfig("sessionName", representation.getSessionName());
        policy.putConfig("moduleName", representation.getModuleName());
    }
    void update(Policy policy) {
@ -150,4 +149,9 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
    KieContainer getKieContainer(String groupId, String artifactId, String version) {
        return this.ks.newKieContainer(this.ks.newReleaseId(groupId, artifactId, version));
    }
    @Override
    public boolean isSupported() {
        return Profile.isFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
    }
 }
--- a/common/src/main/java/org/keycloak/common/Profile.java
+++ b/common/src/main/java/org/keycloak/common/Profile.java
@ -49,7 +49,8 @@ public class Profile {
        IMPERSONATION(Type.DEFAULT),
        OPENSHIFT_INTEGRATION(Type.DEFAULT),
        SCRIPTS(Type.PREVIEW),
-        TOKEN_EXCHANGE(Type.PREVIEW);
+        TOKEN_EXCHANGE(Type.PREVIEW),
        AUTHZ_DROOLS_POLICY(Type.PREVIEW);;
        private Type type;
--- a/common/src/test/java/org/keycloak/common/ProfileTest.java
+++ b/common/src/test/java/org/keycloak/common/ProfileTest.java
@ -22,8 +22,8 @@ public class ProfileTest {
    @Test
    public void checkDefaults() {
        Assert.assertEquals("community", Profile.getName());
-        assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE);
+        assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY);
-        assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE);
+        assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY);
        assertEquals(Profile.getExperimentalFeatures(), Profile.Feature.ACCOUNT2);
    }
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
@ -319,13 +319,6 @@ public class PolicyService {
        return authorization.getProviderFactory(policyType);
    }
    private void findAssociatedPolicies(Policy policy, List<Policy> policies) {
        policy.getAssociatedPolicies().forEach(associated -> {
            policies.add(associated);
            findAssociatedPolicies(associated, policies);
        });
    }
    private void audit(AbstractPolicyRepresentation resource, String id, OperationType operation, KeycloakSession session) {
        if (authorization.getRealm().isAdminEventsEnabled()) {
            if (id != null) {
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
@ -55,18 +55,11 @@
    {
      "name": "Only Owner Policy",
      "description": "Defines that only the resource owner is allowed to do something",
-      "type": "rules",
+      "type": "js",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
-        "mavenArtifactVersion": "2.5.0.Final-SNAPSHOT",
+        "code": "var permission = $evaluation.getPermission();\nvar identity = $evaluation.getContext().getIdentity();\nvar resource = permission.getResource();\nif (resource) {\nif (resource.getOwner().equals(identity.getId())) {\n$evaluation.grant();\n}}"
        "mavenArtifactId": "photoz-authz-policy",
        "sessionName": "MainOwnerSession",
        "mavenArtifactGroupId": "org.keycloak.testsuite",
        "moduleName": "PhotozAuthzOwnerPolicy",
        "applyPolicies": "[]",
        "scannerPeriod": "1",
        "scannerPeriodUnit": "Hours"
      }
    },
    {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
@ -26,6 +26,7 @@ import org.keycloak.admin.client.resource.ResourceResource;
 import org.keycloak.admin.client.resource.ResourceScopeResource;
 import org.keycloak.admin.client.resource.ResourceScopesResource;
 import org.keycloak.admin.client.resource.ResourcesResource;
 import org.keycloak.common.Profile;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
@ -34,6 +35,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
@ -142,7 +144,13 @@ public class GenericPolicyManagementTest extends AbstractAuthorizationTest {
                .policyProviders().stream().map(PolicyProviderRepresentation::getType).collect(Collectors.toList());
        assertFalse(providers.isEmpty());
-        assertTrue(providers.containsAll(Arrays.asList(EXPECTED_BUILTIN_POLICY_PROVIDERS)));
+        List expected = new ArrayList(Arrays.asList(EXPECTED_BUILTIN_POLICY_PROVIDERS));
        if (!Profile.isFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY)) {
            expected.remove("rules");
        }
        assertTrue(providers.containsAll(expected));
    }
    private PolicyResource createTestingPolicy() {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
@ -28,10 +28,11 @@ import org.junit.Test;
 import org.keycloak.admin.client.resource.AuthorizationResource;
 import org.keycloak.admin.client.resource.RulePoliciesResource;
 import org.keycloak.admin.client.resource.RulePolicyResource;
-import org.keycloak.common.Version;
+import org.keycloak.common.Profile;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
 import org.keycloak.testsuite.ProfileAssume;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -40,11 +41,13 @@ public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
    @Test
    public void testCreate() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
        assertCreated(getClient().authorization(), createDefaultRepresentation("Rule Policy"));
    }
    @Test
    public void testUpdate() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
        AuthorizationResource authorization = getClient().authorization();
        RulePolicyRepresentation representation = createDefaultRepresentation("Update Rule Policy");
@ -69,6 +72,7 @@ public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
    @Test
    public void testDelete() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
        AuthorizationResource authorization = getClient().authorization();
        RulePolicyRepresentation representation = createDefaultRepresentation("Delete Rule Policy");
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
@ -54,17 +54,11 @@
    {
      "name": "Only Owner Policy",
      "description": "Defines that only the resource owner is allowed to do something",
-      "type": "rules",
+      "type": "js",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
-        "mavenArtifactVersion": "${project.version}",
+        "code": "var permission = $evaluation.getPermission();\nvar identity = $evaluation.getContext().getIdentity();\nvar resource = permission.getResource();\nif (resource) {\nif (resource.getOwner().equals(identity.getId())) {\n$evaluation.grant();\n}}"
        "mavenArtifactId": "photoz-authz-policy",
        "sessionName": "MainOwnerSession",
        "mavenArtifactGroupId": "org.keycloak.testsuite",
        "moduleName": "PhotozAuthzOwnerPolicy",
        "scannerPeriod": "1",
        "scannerPeriodUnit": "Hours"
      }
    },
    {
--- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RulePolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RulePolicyManagementTest.java
@ -20,9 +20,11 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 import org.junit.Test;
 import org.keycloak.common.Profile;
 import org.keycloak.common.Version;
 import org.keycloak.representations.idm.authorization.Logic;
 import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
 import org.keycloak.testsuite.ProfileAssume;
 import org.keycloak.testsuite.console.page.clients.authorization.policy.RulePolicy;
 /**
@ -31,7 +33,8 @@ import org.keycloak.testsuite.console.page.clients.authorization.policy.RulePoli
 public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest {
    @Test
-    public void testUpdate() throws InterruptedException {
+    public void testUpdate() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
        authorizationPage.navigateTo();
        RulePolicyRepresentation expected = createDefaultRepresentation("Test Rule Policy");
@ -59,7 +62,8 @@ public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest
    }
    @Test
-    public void testDelete() throws InterruptedException {
+    public void testDelete() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
        authorizationPage.navigateTo();
        RulePolicyRepresentation expected =createDefaultRepresentation("Delete Rule Policy");
@ -72,7 +76,8 @@ public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest
    }
    @Test
-    public void testDeleteFromList() throws InterruptedException {
+    public void testDeleteFromList() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
        authorizationPage.navigateTo();
        RulePolicyRepresentation expected =createDefaultRepresentation("Delete Rule Policy");